agentguard-python-sdk 0.2.1__py3-none-any.whl → 0.2.3__py3-none-any.whl
- agentguard/__init__.py +54 -1
- agentguard/auth.py +8 -42
- agentguard/client.py +639 -430
- agentguard/config.py +48 -34
- agentguard/consent.py +34 -33
- agentguard/errors.py +95 -83
- agentguard/types.py +43 -0
- agentguard_crypto/__init__.py +1 -0
- agentguard_crypto/canonical.py +34 -0
- agentguard_crypto/models.py +108 -0
- agentguard_crypto/signing.py +76 -0
- {agentguard_python_sdk-0.2.1.dist-info → agentguard_python_sdk-0.2.3.dist-info}/METADATA +23 -2
- agentguard_python_sdk-0.2.3.dist-info/RECORD +17 -0
- agentguard_python_sdk-0.2.3.dist-info/licenses/LICENSE +21 -0
- agentguard_python_sdk-0.2.3.dist-info/top_level.txt +2 -0
- agentguard_python_sdk-0.2.1.dist-info/RECORD +0 -12
- agentguard_python_sdk-0.2.1.dist-info/top_level.txt +0 -1
- {agentguard_python_sdk-0.2.1.dist-info → agentguard_python_sdk-0.2.3.dist-info}/WHEEL +0 -0
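--- a/agentguard/__init__.py
+++ b/agentguard/__init__.py
@@ -1,4 +1,57 @@
 from .client import AgentGuardClient
 from .config import AgentGuardConfig
+from .errors import (
+AgentGuardError,
+ValidationError,
+TransportError,
+AuthenticationError,
+InvalidSignatureError,
+ExpiredSignatureError,
+PaymentError,
+ReplayAttackError,
+DuplicatePaymentError,
+BudgetExceededError,
+VerificationError,
+SecurityError,
+UnknownExecutionStateError,
+AuthorizationRequiredError
+)
+from .types import (
+AgentGuardReceipt,
+AuditProof,
+AuthorizationConstraints,
+NonceContext,
+AuthorizationMetadata,
+DelegatedAuthorization,
+AuthorizationReceipt,
+RevocationReceipt
+)
 
-
+__version__ = "0.2.2"
+
+__all__ = [
+"AgentGuardClient",
+"AgentGuardConfig",
+"AgentGuardError",
+"ValidationError",
+"TransportError",
+"AuthenticationError",
+"InvalidSignatureError",
+"ExpiredSignatureError",
+"PaymentError",
+"ReplayAttackError",
+"DuplicatePaymentError",
+"BudgetExceededError",
+"VerificationError",
+"SecurityError",
+"UnknownExecutionStateError",
+"AuthorizationRequiredError",
+"AgentGuardReceipt",
+"AuditProof",
+"AuthorizationConstraints",
+"NonceContext",
+"AuthorizationMetadata",
+"DelegatedAuthorization",
+"AuthorizationReceipt",
+"RevocationReceipt",
+]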
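Review bot: The hard-coded `__version__ = "0.2.2"` at new line 30 disagrees with the 0.2.3 wheel and dist-info this diff is taken from, so any inventory, audit or version-gating logic that reads `agentguard.__version__` will report the wrong release of a signing SDK. Deriving the value from the installed metadata removes the drift: `from importlib.metadata import version` followed by `__version__ = version("agentguard-python-sdk")`. If a literal has to stay, a release check that compares it against the package metadata would catch this before publishing.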
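--- a/agentguard/auth.py
+++ b/agentguard/auth.py
@@ -7,48 +7,14 @@ from typing import Dict, Any
 import nacl.signing
 import nacl.encoding
 
-
-"""
-Deterministic canonicalization (Priority 5).
-1. NFC Normalize all strings recursively.
-2. Sort keys.
-3. No whitespace (separators=(',', ':')).
-4. UTF-8 encoding.
-"""
-def normalize_rec(obj):
-if isinstance(obj, str):
-return unicodedata.normalize("NFC", obj)
-if isinstance(obj, dict):
-return {normalize_rec(k): normalize_rec(v) for k, v in obj.items()}
-if isinstance(obj, list):
-return [normalize_rec(i) for i in obj]
-return obj
-
-norm_payload = normalize_rec(payload)
-canonical_str = json.dumps(
-norm_payload,
-sort_keys=True,
-separators=(",", ":"),
-ensure_ascii=False
-)
-return canonical_str.encode("utf-8")
+from agentguard_crypto.signing import sign_payload
 
-def sign_request(payload:
+def sign_request(payload: Any, private_key_b64: str) -> str:
 """
-Signs a
-
+Signs a request using the shared cryptographic source of truth.
+Payload MUST be a strictly typed canonical model.
 """
-
-
-
-
-if len(seed) > 32:
-seed = seed[:32] # Algorand SK is often seed + pubkey
-
-signing_key = nacl.signing.SigningKey(seed)
-
-canonical_bytes = canonicalize_payload(payload)
-signature = signing_key.sign(canonical_bytes)
-
-# Return detached signature in base64
-return base64.b64encode(signature.signature).decode("utf-8")
+if isinstance(payload, dict):
+raise TypeError("Dictionary payloads are strictly prohibited. You must use a Canonical Payload model.")
+
+return sign_payload(payload, private_key_b64)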
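Review bot: The type guard in `sign_request` is a deny-list: `isinstance(payload, dict)` rejects dicts and their subclasses, but with `payload: Any` a list, str, bytes or non-dict mapping still reaches `sign_payload`, so the docstring's "MUST be a strictly typed canonical model" is not enforced at this boundary. Unless `agentguard_crypto.signing.sign_payload` (not visible in this section) validates the type itself, an allow-list is safer: `if not isinstance(payload, CanonicalPayloadBase): raise TypeError(...)`, where `CanonicalPayloadBase` is a placeholder for whatever base class `agentguard_crypto.models` defines. The `nacl.signing` and `nacl.encoding` imports kept as context at lines 7–8 look unused once signing is delegated and could be dropped if nothing else in the module needs them. The call at removed line 50 suggests `canonicalize_payload` used to live in this module, so callers importing it from `agentguard.auth` would break in this patch release; a changelog entry or a deprecation shim would help.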